﻿using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI.WebControls;
using btnet;
using System.Text;
using System.Data;

/// <summary>
/// Summary description for delete_attachment
/// </summary>
public partial class delete_attachment : System.Web.UI.Page
{


    protected String sql;

    protected Security security;

    protected void Page_Init(object sender, EventArgs e) { ViewStateUserKey = Session.SessionID; }

    ///////////////////////////////////////////////////////////////////////
    void Page_Load(Object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            String footer_label = null;
            if (Application["custom_footer"] != null)
            {
                footer_label = (String)Application["custom_footer"];
            }
            custom_footer_label.Text = footer_label;
        }

        Util.do_not_cache(Response);

        security = new Security();

        security.check_security(HttpContext.Current, Security.ANY_USER_OK_EXCEPT_GUEST);

        if (security.user.is_admin || security.user.can_edit_and_delete_posts)
        {
            //
        }
        else
        {
            Response.Write("You are not allowed to use this page.");
            Response.End();
        }

        string attachment_id_string = Util.sanitize_integer(Request["id"]);
        string bug_id_string = Util.sanitize_integer(Request["bug_id"]);

        int permission_level = btnet.Bug.get_bug_permission_level(Convert.ToInt32(bug_id_string), security);
        if (permission_level != Security.PERMISSION_ALL)
        {
            Response.Write("You are not allowed to edit this item");
            Response.End();
        }


        if (IsPostBack)
        {
            // save the filename before deleting the row
            sql = @"select bp_file from bug_posts where bp_id = $ba";
            sql = sql.Replace("$ba", attachment_id_string);
            string filename = (string)btnet.DbUtil.execute_scalar(sql);

            // delete the row representing the attachment
            sql = @"delete bug_post_attachments where bpa_post = $ba
            delete bug_posts where bp_id = $ba";
            sql = sql.Replace("$ba", attachment_id_string);
            btnet.DbUtil.execute_nonquery(sql);

            // delete the file too
            string upload_folder = Util.get_upload_folder();
            if (upload_folder != null)
            {
                StringBuilder path = new StringBuilder(upload_folder);
                path.Append("\\");
                path.Append(bug_id_string);
                path.Append("_");
                path.Append(attachment_id_string);
                path.Append("_");
                path.Append(filename);
                if (System.IO.File.Exists(path.ToString()))
                {
                    System.IO.File.Delete(path.ToString());
                }
            }


            Response.Redirect("edit_bug.aspx?id=" + bug_id_string);
        }
        else
        {
            titl.InnerText = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete attachment";

            back_href.HRef = "edit_bug.aspx?id=" + bug_id_string;

            sql = @"select bp_file from bug_posts where bp_id = $1";
            sql = sql.Replace("$1", attachment_id_string);

            DataRow dr = btnet.DbUtil.get_datarow(sql);

            string s = Convert.ToString(dr["bp_file"]);

            confirm_href.InnerText = "confirm delete of attachment: " + s;

            row_id.Value = attachment_id_string;
        }

    }
}